IntenseFinance/firefly-iii
3
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-02-25 18:45:27 -06:00
Code Issues Packages Projects Releases Wiki Activity

New middleware.

Browse Source
This commit is contained in:
James Cole 2016-03-29 12:23:10 +02:00
parent 87b36cf7e3
commit 993a2c7823
2 changed files with 112 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
app/Http/Kernel.php
View File

@ -50,30 +50,39 @@ class Kernel extends HttpKernel
// does not check login
// does not check 2fa
// does not check activation
'web' => [
'web' => [
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
],
// must be authenticated
// must be 2fa (if enabled)
// must be activated account
'web-auth' => [
// MUST NOT be logged in. Does not care about 2FA or confirmation.
'user-not-logged-in' => [
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
RedirectIfAuthenticated::class,
],
// MUST be logged in.
// MUST NOT have 2FA
// don't care about confirmation:
'user-logged-in-no-2fa' => [
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
Authenticate::class,
AuthenticateTwoFactor::class,
IsConfirmed::class,
RedirectIfTwoFactorAuthenticated::class,
],
// must be authenticated
// must be 2fa (if enabled)
// must NOT be activated account
'web-auth-no-confirm' => [
// MUST be logged in
// MUST have 2FA
// MUST NOT have confirmation.
'user-logged-in-2fa-no-activation' => [
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
@ -83,29 +92,11 @@ class Kernel extends HttpKernel
AuthenticateTwoFactor::class,
IsNotConfirmed::class,
],
// must be authenticated
// does not care about 2fa
// must be confirmed.
'web-auth-no-two-factor' => [
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
Authenticate::class,
RedirectIfTwoFactorAuthenticated::class,
IsConfirmed::class,
],
'web-auth-no-two-factor-any-confirm' => [
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
Authenticate::class,
RedirectIfTwoFactorAuthenticated::class,
],
'web-auth-range' => [
// MUST be logged in
// MUST have 2fa
// MUST be confirmed.
// (this group includes the other Firefly middleware)
'user-full-auth' => [
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
@ -118,6 +109,68 @@ class Kernel extends HttpKernel
Binder::class,
],
//
// // must be authenticated
// // must be 2fa (if enabled)
// // must be activated account
// 'web-auth' => [
// EncryptCookies::class,
// AddQueuedCookiesToResponse::class,
// StartSession::class,
// ShareErrorsFromSession::class,
// VerifyCsrfToken::class,
// Authenticate::class,
// AuthenticateTwoFactor::class,
// IsConfirmed::class,
// ],
// // must be authenticated
// // must be 2fa (if enabled)
// // must NOT be activated account
// 'web-auth-no-confirm' => [
// EncryptCookies::class,
// AddQueuedCookiesToResponse::class,
// StartSession::class,
// ShareErrorsFromSession::class,
// VerifyCsrfToken::class,
// Authenticate::class,
// AuthenticateTwoFactor::class,
// IsNotConfirmed::class,
// ],
// // must be authenticated
// // does not care about 2fa
// // must be confirmed.
// 'web-auth-no-two-factor' => [
// EncryptCookies::class,
// AddQueuedCookiesToResponse::class,
// StartSession::class,
// ShareErrorsFromSession::class,
// VerifyCsrfToken::class,
// Authenticate::class,
// RedirectIfTwoFactorAuthenticated::class,
// IsConfirmed::class,
// ],
// 'web-auth-no-two-factor-any-confirm' => [
// EncryptCookies::class,
// AddQueuedCookiesToResponse::class,
// StartSession::class,
// ShareErrorsFromSession::class,
// VerifyCsrfToken::class,
// Authenticate::class,
// RedirectIfTwoFactorAuthenticated::class,
// ],
// 'web-auth-range' => [
// EncryptCookies::class,
// AddQueuedCookiesToResponse::class,
// StartSession::class,
// ShareErrorsFromSession::class,
// VerifyCsrfToken::class,
// Authenticate::class,
// AuthenticateTwoFactor::class,
// IsConfirmed::class,
// Range::class,
// Binder::class,
// ],
'api' => [
'throttle:60,1',
],

47
app/Http/routes.php
View File

@ -1,16 +1,22 @@
<?php
declare(strict_types = 1);
// does not check login
// does not check 2fa
// does not check activation
//Route::get('/logout', 'Auth\AuthController@logout');
//Route::get('/error', 'HomeController@displayError');
//Route::get('/logout', ['uses' => 'Auth\AuthController@logout', 'as' => 'logout']);
//Route::get('/flush', ['uses' => 'HomeController@flush']);
/**
* These routes only work when the user is NOT logged in.
*/
Route::group(
['middleware' => 'web'], function () {
['middleware' => 'user-not-logged-in'], function () {
// Authentication Routes...
Route::get('/login', 'Auth\AuthController@showLoginForm');
Route::post('/login', 'Auth\AuthController@login');
Route::get('/logout', 'Auth\AuthController@logout');
// Registration Routes...
Route::get('/register', ['uses' => 'Auth\AuthController@showRegistrationForm', 'as' => 'register']);
@ -23,30 +29,26 @@ Route::group(
Route::post('/password/email', 'Auth\PasswordController@sendResetLinkEmail');
Route::post('/password/reset', 'Auth\PasswordController@reset');
// display error:
Route::get('/error', 'HomeController@displayError');
Route::get('/logout', ['uses' => 'Auth\AuthController@logout', 'as' => 'logout']);
}
);
// must be authenticated
// does not care about 2fa
// does not care about confirmation.
/**
* For the two factor routes, the user must be logged in, but not 2FA. Account confirmation does not matter here.
*/
Route::group(
['middleware' => 'web-auth-no-two-factor-any-confirm'], function () {
['middleware' => 'user-logged-in-no-2fa'], function () {
Route::get('/two-factor', ['uses' => 'Auth\TwoFactorController@index', 'as' => 'two-factor']);
Route::get('/lost-two-factor', ['uses' => 'Auth\TwoFactorController@lostTwoFactor', 'as' => 'lost-two-factor']);
Route::post('/two-factor', ['uses' => 'Auth\TwoFactorController@postIndex', 'as' => 'two-factor-post']);
Route::get('/flush', ['uses' => 'HomeController@flush']);
}
);
// routes that can only be accessed without having your account confirmed.
/**
* For the confirmation routes, the user must be logged in, also 2FA, but his account must not be confirmed.
*/
Route::group(
['middleware' => 'web-auth-no-confirm'], function () {
['middleware' => 'user-logged-in-2fa-no-activation'], function () {
//
Route::get('/confirm-your-account', ['uses' => 'Auth\ConfirmationController@confirmationError', 'as' => 'confirmation_error']);
Route::get('/resend-confirmation', ['uses' => 'Auth\ConfirmationController@resendConfirmation', 'as' => 'resend_confirmation']);
@ -55,9 +57,11 @@ Route::group(
}
);
/**
* For all other routes, the user must be fully authenticated and have an activated account.
*/
Route::group(
['middleware' => ['web-auth-range']], function () {
['middleware' => ['user-full-auth']], function () {
/**
* Home Controller
@ -65,7 +69,6 @@ Route::group(
Route::get('/', ['uses' => 'HomeController@index', 'as' => 'index']);
Route::get('/home', ['uses' => 'HomeController@index', 'as' => 'home']);
Route::post('/daterange', ['uses' => 'HomeController@dateRange', 'as' => 'daterange']);
Route::get('/routes', ['uses' => 'HomeController@routes']);
/**
* Account Controller